Releases: linuxserver/docker-bookstack
v0.30.5-ls115
LinuxServer Changes:
Rebase to alpine 3.12. Fix APP_URL setting. Bump php post max and upload max filesizes to 100MB by default.
bookstack Changes:
Security Release
- Update Instructions
- Vulnerability Report: Server Side Request Forgery Through Content Exports
- Update details on blog
Phishing and and server-side request forgery vulnerabilities have been found within BookStack. Release v0.30.5 will remove this server-side request forgery issue while bringing updated wording and advisories to prevent the potential phishing vulnerability. You should ensure you've set the APP_URL option in your .env file to prevent likelihood of the phishing attack. Please view the above report or blogpost links for more detail.
v0.30.5-ls114
LinuxServer Changes:
Rebase to alpine 3.12. Fix APP_URL setting. Bump php post max and upload max filesizes to 100MB by default.
bookstack Changes:
Security Release
- Update Instructions
- Vulnerability Report: Server Side Request Forgery Through Content Exports
- Update details on blog
Phishing and and server-side request forgery vulnerabilities have been found within BookStack. Release v0.30.5 will remove this server-side request forgery issue while bringing updated wording and advisories to prevent the potential phishing vulnerability. You should ensure you've set the APP_URL option in your .env file to prevent likelihood of the phishing attack. Please view the above report or blogpost links for more detail.
v0.30.5-ls113
LinuxServer Changes:
Rebase to alpine 3.12. Fix APP_URL setting. Bump php post max and upload max filesizes to 100MB by default.
bookstack Changes:
Security Release
- Update Instructions
- Vulnerability Report: Server Side Request Forgery Through Content Exports
- Update details on blog
Phishing and and server-side request forgery vulnerabilities have been found within BookStack. Release v0.30.5 will remove this server-side request forgery issue while bringing updated wording and advisories to prevent the potential phishing vulnerability. You should ensure you've set the APP_URL option in your .env file to prevent likelihood of the phishing attack. Please view the above report or blogpost links for more detail.
v0.30.4-ls112
LinuxServer Changes:
Rebase to alpine 3.12. Fix APP_URL setting. Bump php post max and upload max filesizes to 100MB by default.
bookstack Changes:
Security Release
- Update Instructions
- Vulnerability Reports:
- Update details on blog
This release addresses XSS and user-injected auto-redirect vulnerabilities within the page content & attachment components of BookStack. These are primarily a concern if untrusted users can edit content on your BookStack instance. Please view the above report or blogpost links for more detail.
v0.30.4-ls111
LinuxServer Changes:
Rebase to alpine 3.12. Fix APP_URL setting. Bump php post max and upload max filesizes to 100MB by default.
bookstack Changes:
Security Release
- Update Instructions
- Vulnerability Reports:
- Update details on blog
This release addresses XSS and user-injected auto-redirect vulnerabilities within the page content & attachment components of BookStack. These are primarily a concern if untrusted users can edit content on your BookStack instance. Please view the above report or blogpost links for more detail.
v0.30.3-ls110
LinuxServer Changes:
Rebase to alpine 3.12. Fix APP_URL setting. Bump php post max and upload max filesizes to 100MB by default.
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
v0.30.3-ls109
LinuxServer Changes:
Rebase to alpine 3.12. Fix APP_URL setting. Bump php post max and upload max filesizes to 100MB by default.
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
v0.30.3-ls108
LinuxServer Changes:
Rebase to alpine 3.12. Fix APP_URL setting. Bump php post max and upload max filesizes to 100MB by default.
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
v0.30.2-ls108
LinuxServer Changes:
Rebase to alpine 3.12. Fix APP_URL setting. Bump php post max and upload max filesizes to 100MB by default.
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
- Updated JavaScript build system to provide slightly better browser compatibility.
- Updated page-content save parsing to update anchor references on IDs changed by BookStack. (#2278)
- Fixed issue where creating a link attachment after mulitple validation failures would result in many duplicate links being created. (#2286)
- Updated drawing integration to, by default, use diagrams.net instead of draw.io. (#2285, #2044)
- Updated default .htaccess to align with laravel's and allow canonical redirects on non-root url app instances. Thanks to @jakubboucek. (#2272)
v0.30.2-ls107
LinuxServer Changes:
Rebase to alpine 3.12. Fix APP_URL setting. Bump php post max and upload max filesizes to 100MB by default.
bookstack Changes:
Links
Full List of Changes
This release contains the following fixes and changes:
- Updated JavaScript build system to provide slightly better browser compatibility.
- Updated page-content save parsing to update anchor references on IDs changed by BookStack. (#2278)
- Fixed issue where creating a link attachment after mulitple validation failures would result in many duplicate links being created. (#2286)
- Updated drawing integration to, by default, use diagrams.net instead of draw.io. (#2285, #2044)
- Updated default .htaccess to align with laravel's and allow canonical redirects on non-root url app instances. Thanks to @jakubboucek. (#2272)